Unable to connect to the LDAP Server

fernando_gonzal
Contributor

I've setup our JIM and LDAP Proxy on an AD box with an external IP address and an externally resolving DNS but Jamf keeps saying it's unable to connect to the LDAP server when using the Test button.
4b901c725f0d48fd8e2462de2c03672e

This JIM has one IP but dual DNS since our AD does not resolve externally. I use our InfoBlox DNS which can resolve externally to provide an externally resolvable DNS.

The DNS are something like jimmy.ad.company.com and jimmy.company.com respectively. When I do a reverse lookup of the IP from the JIM itself it provides the externally resolvable DNS of jimmy.company.com

This DNS name is what shows up on the Jamf side and it checks in about every minute.

Below is the log from Jamf Pro (we have a cloud instance).

Any ideas? Thanks.

2019-09-06 19:16:42,851 [ERROR] [ina-exec-17] [LdapDirContextFactory    ] - javax.naming.CommunicationException: jim.rice.edu:8389 [Root exception is javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
2019-09-06 19:16:42,851 [WARN ] [ina-exec-17] [DAPServerTestHTMLResponse] - Unable to determine user membership
javax.naming.CommunicationException: jimmy.company.com:8389 [Root exception is javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
1 ACCEPTED SOLUTION

fernando_gonzal
Contributor

nevermind, imported our AD certificate and lookups began working.

View solution in original post

4 REPLIES 4

fernando_gonzal
Contributor

nevermind, imported our AD certificate and lookups began working.

AquibS
New Contributor

How you do that ?

fernando_gonzal
Contributor

@AquibS I asked our AD admin for our AD Root CA Cert and then imported that using the Upload Certificate button

e0637cff71eb4f60a5ef12201a2d0c64

@fernando_gonzal While we are requesting AD team to provide the AD Root CA Cert  , does we need to provide any certificate or pem file from Jamf side ?